Facebook’s Parse – DOM XSS

2:01 PM

These are just some simple bugs that were present in the Parse
site. Considering the ease of exploitation, I am posting this to make sure
other people can scan the JS code more intensively and find more bugs; it’s
very likely.


8 comments

Can you give me a direction for DOM XSS? I mean, I know JS, and today I started learning the JS DOM. In your recent post you write document.getElementById('content').innerHTML with window.location.pathname without proper encoding. But why add ? to execute the payload? I mean, how do you know which thing to add? The first one I got, but in the second, why did you add closesrc? Can you post an article about these?

Hi, I didn't give explicit details because I thought they would be obvious to the regular hunters and pen testers. document.getElementById('content').innerHTML = document.location.pathname implies finding the element (in this case the div with the id content) and making its innerHTML contain the page's path. Since we can control the page's path, we can give it a malicious input. When it is rendered back to the HTML, the malicious input gets reflected and causes XSS.
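For reviewers who want to scan JS for the pattern described in the reply above, here is a small line-based check, added as an example and not part of the original post or of Parse's code. The source and sink lists, the function name findDomXssCandidates and the sample lines are assumptions constructed for illustration.

```javascript
// Added example: flag lines where URL-derived data reaches an HTML sink.
// Heuristic only: it over-approximates and its output is a list for manual review.
const SOURCE = /\b(?:(?:document|window)\.)?location\.(?:pathname|search|hash|href)\b|\bdocument\.(?:URL|referrer)\b/;
const SINK = /\.(?:innerHTML|outerHTML)\s*\+?=(?!=)|\.insertAdjacentHTML\s*\(|\bdocument\.write(?:ln)?\s*\(/;
const ASSIGN = /^\s*(?:(?:var|let|const)\s+)?([A-Za-z_$][\w$]*)\s*=(?!=)\s*(.+)$/;

function findDomXssCandidates(source) {
  const tainted = new Set(); // variable names currently holding URL-derived data
  const findings = [];
  // An expression is suspect if it reads a source directly or mentions a tainted name.
  const usesTaint = (expr) =>
    SOURCE.test(expr) ||
    (expr.match(/[A-Za-z_$][\w$]*/g) || []).some((t) => tainted.has(t));

  source.split('\n').forEach((text, i) => {
    const sink = SINK.exec(text);
    if (sink) {
      // Only the text after the sink is the data being written into the page.
      const written = text.slice(sink.index + sink[0].length);
      if (usesTaint(written)) findings.push({ line: i + 1, code: text.trim() });
      return;
    }
    const m = ASSIGN.exec(text);
    if (m) {
      // Plain variable assignment: propagate taint, or clear it on overwrite.
      if (usesTaint(m[2])) tainted.add(m[1]);
      else tainted.delete(m[1]);
    }
  });
  return findings;
}

// Constructed sample, modelled on the pattern quoted in the comments.
const SAMPLE = [
  "document.getElementById('content').innerHTML = document.location.pathname;",
  "var page = window.location.pathname;",
  "var label = 'Viewing ' + page;",
  "document.getElementById('crumb').innerHTML = label;",
  "document.getElementById('title').textContent = page;", // text sink: not flagged
  "document.getElementById('footer').innerHTML = '<p>Static</p>';", // constant: not flagged
].join('\n');

console.log(findDomXssCandidates(SAMPLE)); // reports lines 1 and 4
```

The unflagged textContent line in the sample is also the usual fix: assigning the path to textContent makes the browser treat it as text rather than parse it as markup.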

About Paulos

I am currently specializing in application security and client side offensive exploit research. I really enjoy breaking things. I occasionally do bug bounties, with notable references such as Coinbase, Facebook, Twitter & more.